Disallow eval() (no-eval)

禁用 eval()（no-eval）

JavaScript’s eval() function is potentially dangerous and is often misused. Using eval() on untrusted code can open a program up to several different injection attacks. The use of eval() in most contexts can be substituted for a better, alternative approach to a problem.

/*eslint no-eval: "error"*//*eslint-env es6*/varobj={x:"foo"},key="x",value=obj[key];classA{foo(){// This is a user-defined method.this.eval("var a = 0");}eval(){}}

Options

This rule has an option to allow indirect calls to eval.
Indirect calls to eval are less dangerous than direct calls to eval because they cannot dynamically change the scope. Because of this, they also will not negatively impact performance to the degree of direct eval.